# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2016-04-29 15:20+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. type: Plain text
#, no-wrap
msgid "[[!meta date=\"2012-01-06 22:01:54 +0100\"]]\n"
msgstr ""

#. type: Plain text
#, no-wrap
msgid "[[!meta title=\"New SSL certificate for tails.boum.org\"]]\n"
msgstr ""

#. type: Plain text
#, no-wrap
msgid "[[!tag announce]]\n"
msgstr ""

#. type: Plain text
#, no-wrap
msgid "[[!toc levels=2]]\n"
msgstr ""

#. type: Plain text
msgid ""
"On the same day Tails 0.10 was put out, our website started to use a "
"commercial SSL certificate. This new certificate replaces the previous one "
"that was delivered by the non-commercial [CACert certificate authority]"
"(http://www.cacert.org/)."
msgstr ""

#. type: Title =
#, no-wrap
msgid "What are SSL certificates?\n"
msgstr ""

#. type: Plain text
msgid ""
"Using HTTPS instead of plain HTTP to connect to a website allows you to "
"encrypt your communication with the server. But encryption alone does not "
"guarantee that you are talking with the right server, and not someone "
"impersonating it, for example in case of a [[man-in-the-middle attack|doc/"
"about/warning#man-in-the-middle]]."
msgstr ""

#. type: Plain text
msgid ""
"SSL certificates try to solve this problem. A SSL certificate is usually "
"issued by a certificate authority to certify the identity of a server. When "
"you reach a website your web browser might trust an SSL certificate "
"automatically if it trusts the authority that issued it."
msgstr ""

#. type: Plain text
msgid ""
"Commercial certificate authorities are making a living out of selling SSL "
"certificates; they are usually trusted automatically by most of the "
"browsers.  Other non-commercial authorities, such as [CACert](http://www."
"cacert.org/), need to be installed by the operating system or by the user to "
"avoid displaying a security warning when visiting the website."
msgstr ""

#. type: Title =
#, no-wrap
msgid "Weaknesses of the system\n"
msgstr ""

#. type: Plain text
msgid ""
"But this trust system has proven to be flawed in many ways. For example, "
"during 2011, two certificate authorities were compromised, and many fake "
"certificates were issued and used in the wild. See [Comodo: The Recent RA "
"Compromise](http://blogs.comodo.com/it-security/data-security/the-recent-ra-"
"compromise/)  and [The Tor Project: The DigiNotar Debacle, and what you "
"should do about it](https://blog.torproject.org/blog/diginotar-debacle-and-"
"what-you-should-do-about-it)."
msgstr ""

#. type: Plain text
msgid ""
"It is clear for us that getting an commercial SSL certificate is not enough "
"to strongly authenticate our website, and for example authenticity of our "
"releases.  That's why we always propose you [[stronger ways of "
"authenticating our Tails release|install/download/openpgp]] using OpenPGP "
"signatures."
msgstr ""

#. type: Title =
#, no-wrap
msgid "Why get a commercial certificate then?\n"
msgstr ""

#. type: Plain text
msgid ""
"Still we decided to get a commercial certificate for the following reasons:"
msgstr ""

#. type: Bullet: '- '
msgid ""
"It makes it harder to setup a simplistic [[man-in-the-middle attacks|doc/"
"about/warning#man-in-the-middle]] against the people who didn't use HTTPS so "
"far to visit our website."
msgstr ""

#. type: Bullet: '- '
msgid ""
"Our website now is only available with HTTPS enabled. This may be important "
"to provide some confidentiality while posting on the forum for example."
msgstr ""
